T-Mobile suffered a huge data breach, in which the data of 37 million customers was exposed to malicious actors.
Communications giant T-Mobile has been the victim of a major data breach. 37 million postpaid and prepaid customers had their data exposed in the hack.
T-Mobile was hit by a huge data breach
US telecommunications giant T-Mobile suffered a data breach, exposing the data of around 37 million customers online.
An SEC filing said the malicious enterprise began in November 2022, but it wasn’t until early January 2023 that T-Mobile discovered that the malicious actor was “obtaining data through a only application programming interface (“API”) without permission.” The attack operator was therefore able to access the data for a few months.
Various types of data were exposed in the breach, including email addresses, billing addresses, names, account numbers and T-mobile plan specifications.
T-Mobile also said it “quickly initiated an investigation with outside cybersecurity experts and within a day of learning of the malicious activity, [staff] were able to trace the source of the malicious activity and stop it.” Based on this statement, it appears that the attack itself was handled accordingly.
This isn’t T-Mobile’s first data breach
T-Mobile is no stranger to data breaches, with this most recent attack marking the fifth in five years. Since 2018, T-Mobile has suffered one or more data breaches each year, with 2021 bringing a particularly severe breach that exposed the data of 40 million former and prospective customers, as well as that of 7.8 million existing customers.
This Most Recent T-Mobile Hack Comes After a $150 Million Security Effort
In August 2021, various customer data was accessed via a data breach, including passwords, driver’s license data, and payment card information. This led to a class action lawsuit, in which T-Mobile agreed to pay a hefty $350 million compensation bill to customers and spend another $150 million to improve its security levels over two years.
But this most recent attack appears to show that not enough has been done to stave off some forms of cybercrime, including data breaches.
But T-Mobile commented on the investment in the aforementioned SEC filing, saying it has “made substantial progress to date and is protecting [its] customer data remains a top priority.” It was also written that the company “will continue to make substantial investments to strengthen [its] cybersecurity program.”
T-Mobile said it “will likely incur significant expenses in connection with this incident”, although the extent of financial damages is not known at the time of writing.
Data breaches are a pressing problem
As we continue to rely on technology for data storage, breaches continue to pose a huge risk to organizations and individuals around the world. That’s why it’s important that the parties we entrust with our data do what they can to prevent cybercrime and protect sensitive information.